In Blog, Directory Services

Clouds in sky

Although the idea of an “electric commons open to all” was imagined by an American computer pioneer named J.C.R. Licklider in the 1960s, practical cloud implementation within IT is fairly new. Though it began as a detailed diagram sketched on sheets of paper, through innovation in technology over the decades, we are now able to implement the cloud to make systems more accessible and secure (Britannica). 

What was the Original “Cloud”?

In 1965, nearly 40 years before the release of Microsoft Active Directory®, MIT’s Computation Center worked on a Project on Mathematics and Computation (Project MAC) to experiment with “new ways in which on-line use of computers can aid people in their individual intellectual work, whether research, engineering design, management, or education.” (Multics.org

This project, which was a large and well-funded effort, led to the initial drafting and conceptualization of what we came to know as the early version of the internet. J.C.S. Licklider envisioned a future that he called the “Intergalactic Computer Network,” in which people were able to “substitute for the book a device that will make it easy to transmit information without transporting material.” 

To realize this vision, he helped develop the Advanced Research Projects Agency Network (ARPANET) as a primitive version for IT admins to connect large numbers of people through geographically separated systems. Below you can see an updated map of what Licklider envisioned as “the marriage of the human mind with the computer to result in better decision-making,” though he knew he was limited by the technology available at the time.

ARPANET Logical Map

Source: Hayley Williams, Lifehacker.com

What Next?

Fast forward past the production of the Sony Walkman and the first email (consisting of “something like QWERTYUIOP”), and the 1990s eventually pioneered the internet, which set the stage for the introduction of web-based services and the birth of the directory service.

In 1992 Tim Howes, who was working in the University of Michigan’s information technology division, created the Lightweight Directory Access Protocol (LDAP), marking the beginning of a new era in identity management. People were now able to control user access and management through on-prem hardware, greatly aiding in decreasing the organizational efforts of IT admins. 

And, a few years later, Microsoft combined LDAP with Kerberos® to make Active Directory® (AD), which quickly became the on-prem directory service of choice for Windows environments. This allowed IT organizations to connect systems together, authenticating and managing users across Windows-based devices. 

And Then, the Cloud

Through advancements in networking and computing, the cloud was born. Though there is no singular creator of the cloud, some attribute companies like Google and Amazon® with pioneering “cloud computing” to describe the increasing accessibility of software and systems. Others give the credit to Salesforce®, who popularized the Software-as-a-Service (SaaS) model in 1999, allowing users the freedom and flexibility of operating through a browser. 

These pioneering cloud services quickly cemented a framework that researchers had pondered over for decades. The ability to access software from an entirely separate location allowed IT admins to link and gather large networks of information more efficiently; physical hardware was no longer necessary on-prem. IT professionals and their users increasingly demanded for cloud innovations, as the cloud had quickly became a ubiquitous part of the professional lives. 

Providing More Services

With the boom in cloud service options like Infrastructure-as-a-Service (IaaS), which was introduced by Amazon and eventually named Amazon Web Services (AWS), afforded IT organizations a number of options for compute, storage, and bandwidth. 

Platform-as-a-Service (PaaS) allowed IT admins to build entire applications with nothing but effectively their code. Gone were the days of mashing buttons in a hot room occupied entirely by hardware, and admins were discovering the cloud’s flexibility in the services they used. 

Integrating the Cloud Into the Directory Landscape

As admins dealt with managing disparate user identities across cloud infrastructure, web applications, Linux®/Mac®, and more, their organizations began turning away from legacy solutions. The cloud could provide a number of services that seemed to solve almost every problem, yet AD, though not in the cloud, remained the leading directory service. IT professionals began integrating the cloud to existing directory services, but it caused two major issues:

  • IT was shifting toward a heterogeneous landscape, meaning that AD was losing its overarching hold over user and system management with the increased adoption of Macs and Linux devices.
  • The cloud provided worldwide access to critical data and resources, introducing security challenges like shadow IT and identity silos.

So while the cloud freed up IT organizations to focus in other areas, and made for the introduction of a number of innovative services, it left the door open to the idea that a data breach could happen anywhere at any time. A hacker didn’t need to walk through a door to obtain information, he or she just needed the right identity or password and could be sitting at any internet connected workstation in the world.

The Progression to a Secure Cloud Directory

The search for the next generation in directory service was on. With the rise of SaaS-delivered apps and non-Windows systems, traditional directory services struggled. In order to keep up with modern IT, organizations have resorted to buying additional tooling to pick up the slack since traditional directory services weren’t keeping up with the shifting IT landscape. 

However, using a cloud directory service, IT organizations can virtually cover all the bases of their identity management needs with one SaaS-based solution. These modern directory services must be built from the ground up to address modern security concerns, including the looming threat of data breaches and hacking. With users leveraging a wide range of IT resources, IT admins must be able to track all user accounts and enforce strong password practices including MFA.

Critical security features to look for in cloud-based identity management include:

  • Any passwords stored within the cloud-hosted directory should be one-way salted and hashed.
  • All communication should be done through mutual TLS. This requires certificates on both sides of the connection.
  • Infrastructure must be hardened. Steps to harden directory infrastructure include access controls including 2FA, data protection, monitoring, and recovery.
  • The organization providing the cloud-based directory service should undergo regular, independent audits, and also adhere to strict security standards when hiring and training employees.

With these measures in place, cloud-based directory services can be just as secure as their on-prem counterparts if not more.

Discover more with JumpCloud®

JumpCloud Directory-as-a-Service® (DaaS) is the first cloud-based directory service, and securely connects users to virtually all modern work resources while creating a safer identity for users. Its roots are founded within the progression to cloud directory services, and DaaS connects employee identities to their systems, apps, and networks through the cloud. It can also work alongside on-prem directories, serving as an identity bridge that extends Active Directory to the cloud.

If you’d like to check out DaaS, you can schedule a personalized demo with one of our team members to see the first cloud-based directory service in action. You can also sign up for a free account and get started managing 10 users at no extra cost.  

Recent Posts